Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
>
> I was therefore surprised to find that BIND 9.14 refuses to load zone files
> with TXT records in the generic form, for example named-checkzone does
> not accept:
>
>     example.org.    IN TXT \# 4 deadbeef

The long version of Mark's message is that a TXT record consists of an
overall RDLENGTH (which is the number after the \#) and then each string
in the RDATA is prefixed with its own length byte. So the wire format of

        TXT "\222\173\190\239"

is

        TYPE16 \# 5 04deadbeef

The multiple strings and nested lengths in TXT records are a curiously
gratuitous complication.

When I was working out how a SHA-1 attack could work with TXT records,
(https://www.dns.cam.ac.uk/news/2020-01-09-sha-mbles.html)
one of the problems was that the collision blocks in the best attack so
far are 588 bytes, which is too big to fit into a single TXT string. So
there will be length bytes inside the collision blocks which can't easily
be controlled by the attacker. The solution is to append 255 zero bytes
which is enough to fill the tail end of any string specified by the last
length byte in the collision blocks, and any excess zero bytes get treated
as a sequence of empty strings.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Dogger, Fisher, German Bight: West 7 to severe gale 9, decreasing 6 for a
time. Rough or very rough. Squally wintry showers. Good, occasionally poor.
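The nested-length wire format described in Tony's message, as an added
example in Python (not code from the original post or from BIND): it builds
TXT RDATA from character-strings, renders it in the RFC 3597 generic `\#`
form, parses that form back, and splits RDATA into its strings again. The
last function also shows the point made about the collision blocks: an
arbitrary byte blob generally does not parse as TXT RDATA on its own, but
the same blob followed by 255 zero octets always does, with the surplus
zeros decoding as empty strings. The blob below is constructed for the
demonstration; it is not a collision block.

```python
# Added example, not part of the original post. Models RFC 1035 TXT RDATA
# (sequence of <character-string>s, each a length octet plus that many
# octets) and the RFC 3597 generic "\# <RDLENGTH> <hex>" presentation form.

def txt_to_wire(strings):
    """Build TXT RDATA: each string is one length octet followed by its bytes."""
    out = bytearray()
    for s in strings:
        if len(s) > 255:
            raise ValueError("TXT character-string longer than 255 octets")
        out.append(len(s))
        out += s
    return bytes(out)


def wire_to_generic(rdata):
    """Render RDATA in generic form, e.g. b'\\x04\\xde\\xad\\xbe\\xef' -> '\\# 5 04deadbeef'."""
    return "\\# %d %s" % (len(rdata), rdata.hex())


def generic_to_wire(text):
    """Parse the generic form, checking that RDLENGTH matches the hex payload."""
    parts = text.split()
    if len(parts) < 2 or parts[0] != "\\#":
        raise ValueError("not in generic (\\#) form")
    rdlength = int(parts[1])
    payload = bytes.fromhex("".join(parts[2:]))  # hex may be whitespace-separated
    if len(payload) != rdlength:
        raise ValueError("RDLENGTH %d does not match %d octets of data"
                         % (rdlength, len(payload)))
    return payload


def wire_to_txt(rdata):
    """Split TXT RDATA into its character-strings.

    Raises ValueError when a length octet points past the end of the RDATA,
    which is what a zone checker rejects.
    """
    strings = []
    i = 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError("character-string length %d at offset %d runs past end"
                             % (n, i - 1))
        strings.append(rdata[i:i + n])
        i += n
    return strings


def txt_parses(rdata):
    """True if RDATA is a well-formed sequence of character-strings."""
    try:
        wire_to_txt(rdata)
        return True
    except ValueError:
        return False


def trailing_empty_strings(strings):
    """Count empty strings at the end of a TXT record (what surplus zero octets become)."""
    count = 0
    for s in reversed(strings):
        if s:
            break
        count += 1
    return count


if __name__ == "__main__":
    wire = txt_to_wire([b"\xde\xad\xbe\xef"])
    print(wire_to_generic(wire))                   # \# 5 04deadbeef
    print(wire_to_txt(generic_to_wire("\\# 5 04deadbeef")))

    # Constructed blob standing in for bytes the author cannot control.
    blob = bytes(range(200, 256)) * 10            # 560 octets, not a collision block
    print("blob alone parses:", txt_parses(blob))
    padded = blob + b"\x00" * 255
    parts = wire_to_txt(padded)
    print("padded parses:", txt_parses(padded),
          "strings:", len(parts), "trailing empties:", trailing_empty_strings(parts))
```

The reason 255 zero octets always suffice is visible in `wire_to_txt`: the
last length octet that lands inside the blob can ask for at most 255 more
octets, the padding supplies exactly that many in the worst case, and every
zero octet the parser reaches after that is a length octet of zero, i.e. an
empty string. A checker that wants to notice such records can report a large
`trailing_empty_strings` count, since ordinary TXT data has no reason to end
in a run of empty strings.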

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop